[users@httpd] "Perfect" Transparent Proxy Setup?

[Brian Kim <09...@gmail.com>]

Hi. All.

I am thinking a proxy system like a magic box. Let's say that we have
a gateway where an interface 0 is for internal network and an
interface 1 is for outsite.

In front of the gateway, I would like to install my proxy system with
two interface cards(interface 3 and interface 4) and to make users to
access other webs without any browser configuration to my proxy.

Without any doubt, I should run revere proxy in apache and also think
that I need more network setups.

For example, my system has to pass the ARP packet to interface 0.
Then, it needs IP-forwarding between interface 3 and interface 4.

Are there something else that I need to consider?

I think that IP-forwarding can be done by IP-table configuration. What
about ARP forwarding? Can I solve this with Proxy ARP?

I hope that any network expert make my naive idea more concrete.

Thanks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] "Perfect" Transparent Proxy Setup?

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

On 18.01.10 13:10, Brian Kim wrote:
> I am thinking a proxy system like a magic box. Let's say that we have
> a gateway where an interface 0 is for internal network and an
> interface 1 is for outsite.
> 
> In front of the gateway, I would like to install my proxy system with
> two interface cards(interface 3 and interface 4) and to make users to
> access other webs without any browser configuration to my proxy.

I strongly recommend you to use WPAD so the browsers would know they use
proxy. They can use authentication in such case and there are some problems
running intercepting proxy.

However this discussion is outside this list's business.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] "Perfect" Transparent Proxy Setup?

[Krist van Besien <kr...@gmail.com>]

On Mon, Jan 18, 2010 at 7:10 PM, Brian Kim <09...@gmail.com> wrote:
> I hope that any network expert make my naive idea more concrete.

Actually as a general Web Proxy Squid is a better choice. On a Linux
system you can use IPTables to forward all requests to port 80 to your
squifd proxy, which effectively creates a transparant proxy. More info
can be found on the web. Just google "transparent proxy with squid".


Krist



-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org